NSA Accused Of Spying On Cellphone Carriers To Find Security Exploits

Chuck Bednar for redOrbit.com – Your Universe Online
US National Security Agency (NSA) employees spent years monitoring domestic and international companies to find security vulnerabilities that could be exploited for surveillance purposes, according to new reports originating from documents obtained by former NSA contractor Edward Snowden.
Ryan Gallagher of The Intercept, who first broke the story, said that the program was codenamed Auroragold and also detailed how the agency planned to secretly introduce new flaws into communication systems that it could tap into – but which experts said would also have made the general public more susceptible to hackers in the process.
“The covert operation has monitored the content of messages sent and received by more than 1,200 email accounts associated with major cellphone network operators, intercepting confidential company planning papers that help the NSA hack into phone networks,” Gallagher said.
“One high-profile surveillance target is the GSM Association (GSMA), an influential UK-headquartered trade group that works closely with large US-based firms including Microsoft, Facebook, AT&T, and Cisco, and is currently being funded by the U.S. government to develop privacy-enhancing technologies,” he added.
CNET technology columnist Don Reisinger said the NSA targeted IR.21 documents, which highlight new technologies and encryption methods used by mobile carriers, and Chris Johnston of The Guardian said that the documents reveal that the agency targeted meetings held by the trade association.
Cryptographer and cellphone security expert Karsten Nohl told Gallagher that information contained in the Auroragold documents provide hints that the volume and broad scope of data collected as part of the operation suggests the intent was to make sure that the overwhelming majority of mobile networks worldwide were NSA accessible.
“Collecting an inventory [like this] on world networks has big ramifications,” Nohl said, because it allows the agency to monitor and work around improvements in encryption technology cell providers utilize to protect calls and text messages from eavesdropping.
He added that evidence suggesting the NSA was deliberately attempting to weaken mobile communication infrastructure was especially alarming, since those vulnerabilities could be exploited by anyone, not just the NSA. The files also reveal that the NSA basically had unfettered access to the infrastructure of roughly 700 global wireless carriers as of May 2012, Engadget’s Chris Velazco added.
The information collected by the NSA under the Auroragold program was reportedly shared with other US intelligence agencies, as well as their colleagues in the UK, Canada, Australia and New Zealand, according to Johnston. Only a handful of companies targeted by the program were identified in the documents, but a map found in one showed the NSA had some measure of “network coverage” in countries on every continent.
The report indicates that an estimated 70 percent of global cellular networks, “including nearly all in North Africa, many in the Middle East, and nearly three-quarters in China, have had their technical information obtained by that NSA office and potentially exploited,” Reisinger said, adding that the US was “surprisingly low” on the list.
A GSMA spokesperson told Johnston that the organization would not comment until its attorneys had examined the documents, while a spokeswoman with the NSA declined to discuss specifics about Auroragold with The Guardian and would not comment on whether or not the program was still active. She added that the agency “collects only those communications that it is authorized by law to collect in response to valid foreign intelligence and counterintelligence requirements.”
—–
Follow redOrbit on Twitter, Facebook, Instagram and Pinterest.